Test Kennung:	1.3.6.1.4.1.25623.1.0.63940
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200905-01 (asterisk)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200905-01.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200905-01. Vulnerability Insight: Multiple vulnerabilities have been found in Asterisk allowing for Denial of Service and username disclosure. Solution: All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.32' CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1897 BugTraq ID: 28901 http://www.securityfocus.com/bid/28901 Bugtraq: 20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete (Google Search) http://www.securityfocus.com/archive/1/491220/100/0/threaded Debian Security Information: DSA-1563 (Google Search) http://www.debian.org/security/2008/dsa-1563 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.altsci.com/concepts/page.php?s=asteri&p=2 https://downloads.asterisk.org/pub/security/AST-2008-006.html https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90 https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2 https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653 https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6 https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7 https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83 http://www.securitytracker.com/id?1019918 http://secunia.com/advisories/29927 http://secunia.com/advisories/30010 http://secunia.com/advisories/30042 http://secunia.com/advisories/34982 http://www.vupen.com/english/advisories/2008/1324 XForce ISS Database: asterisk-iax2protocol-ack-dos(41966) https://exchange.xforce.ibmcloud.com/vulnerabilities/41966 Common Vulnerability Exposure (CVE) ID: CVE-2008-2119 Bugtraq: 20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode (Google Search) http://www.securityfocus.com/archive/1/493020/100/0/threaded https://www.exploit-db.com/exploits/5749 http://www.securitytracker.com/id?1020166 http://secunia.com/advisories/30517 http://www.vupen.com/english/advisories/2008/1731 XForce ISS Database: asterisk-asturidecode-dos(42823) https://exchange.xforce.ibmcloud.com/vulnerabilities/42823 Common Vulnerability Exposure (CVE) ID: CVE-2008-3263 BugTraq ID: 30321 http://www.securityfocus.com/bid/30321 Bugtraq: 20080722 AST-2008-010: Asterisk IAX 'POKE' resource exhaustion (Google Search) http://www.securityfocus.com/archive/1/494675/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl http://www.securitytracker.com/id?1020535 http://secunia.com/advisories/31178 http://secunia.com/advisories/31194 http://www.vupen.com/english/advisories/2008/2168/references XForce ISS Database: asterisk-poke-dos(43942) https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 Common Vulnerability Exposure (CVE) ID: CVE-2008-3264 BugTraq ID: 30350 http://www.securityfocus.com/bid/30350 Bugtraq: 20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system (Google Search) http://www.securityfocus.com/archive/1/494676/100/0/threaded http://www.securitytracker.com/id?1020536 XForce ISS Database: asterisk-downloadprotocol-dos(43955) https://exchange.xforce.ibmcloud.com/vulnerabilities/43955 Common Vulnerability Exposure (CVE) ID: CVE-2008-3903 BugTraq ID: 34353 http://www.securityfocus.com/bid/34353 Debian Security Information: DSA-1952 (Google Search) http://www.debian.org/security/2009/dsa-1952 http://misel.com/?p=52 http://secunia.com/advisories/37677 http://www.vupen.com/english/advisories/2009/0933 XForce ISS Database: asterisk-username-info-disclosure(45059) https://exchange.xforce.ibmcloud.com/vulnerabilities/45059 Common Vulnerability Exposure (CVE) ID: CVE-2008-5558 BugTraq ID: 32773 http://www.securityfocus.com/bid/32773 Bugtraq: 20081210 AST-2008-012: Remote crash vulnerability in IAX2 (Google Search) http://www.securityfocus.com/archive/1/499117/100/0/threaded http://osvdb.org/50675 http://www.securitytracker.com/id?1021378 http://secunia.com/advisories/32956 http://securityreason.com/securityalert/4769 http://www.vupen.com/english/advisories/2008/3403 Common Vulnerability Exposure (CVE) ID: CVE-2009-0041 BugTraq ID: 33174 http://www.securityfocus.com/bid/33174 Bugtraq: 20090108 AST-2009-001: Information leak in IAX2 authentication (Google Search) http://www.securityfocus.com/archive/1/499884/100/0/threaded http://www.securitytracker.com/id?1021549 http://secunia.com/advisories/33453 http://securityreason.com/securityalert/4910 http://www.vupen.com/english/advisories/2009/0063
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.